
The predecessor of H3C and double-exit configuration

2025-01-17 Update From: SLTechnology News&Howtos


First, an introduction to H3C

The predecessor of H3C, Huawei-3Com, was a company of Huawei and 3Com of the United States. In 2007, the company officially changed its name to "Hangzhou Huasan Communication Technology Co., Ltd.", referred to as "H3C".

At present, the data communication market is mainly divided into the telecom operator market and the enterprise network market. Huawei has focused on the operator market, while H3C mainly focuses on the enterprise network market. Cisco's business spans both markets and maintains a leading position in each. Huawei is Cisco's main competitor in the operator market, and H3C is Cisco's main competitor in the enterprise network market.

* H3C product system

ER series router, MSR series router, SR series router

* Router products

* Switch products

* Data center switch products

Comparison between H3C and Cisco commands

Command difference

Second, NAT

Static address translation: the address mapping between the external and internal networks is fixed in the configuration. It suits a small number of fixed access requirements between the internal network and the external network. Static address translation supports two modes: one-to-one static mapping and network-segment static mapping.

Dynamic address translation: the address mapping between the external and internal networks is determined dynamically by the packets. By associating an access control list with an address pool (or an interface address), "IP packets with certain characteristics" select and use "an address in the address pool (or the interface address)", which establishes a dynamic address mapping. It suits internal networks in which a large number of users need to access the external network. In this case, the address pool resources specified in the association are selected by intranet packets as needed.

Easy_ip: with the easy IP function configured, the IP address of the interface is used directly as the translated source address of the packet.

NAT_SERVER: by configuring an internal server, an external interface address and port can be mapped to the private address and port of the internal server, so that external network users can access the internal server. The mapping table between the internal server and the external network is generated by configuring the nat server command on the interface.

Third, policy routing

Policy routing changes the default forwarding mechanism, which follows the routing table, so that routes are selected according to a policy defined by the user. Ordinary routing forwards according to the settings of the routing table; policy routing is applied as interface policy routing or local policy routing.

There are two types of policy routing: IP unicast policy routing and IP multicast policy routing. For both, the configuration has two parts: one defines which packets are subject to policy routing, and the other defines how those packets are routed. Both can be achieved through the definition of a route-policy.

IP unicast policy routing can be divided into interface policy routing and local policy routing.

Fourth, case topology

(1) Router configuration requirements: when either of the external optical fibers is interrupted, the other fiber can act as backup so that the network segments behind it can still access Internet services or education network resources.

(2) NAT configuration requirements: both exits of the egress router can simultaneously NAT the private network segments of the campus intranet to access external resources. NAT server is also configured on the egress interface facing the education network, so that a server in the internal teaching network segment can provide Telnet access service to the education network.

(3) Policy routing configuration requirements: the teaching network segment 192.168.3.0/24 in the campus network mainly accesses external resources through the education network, while the school network segment 192.168.2.0/24 mainly accesses Internet resources through the telecom exit. When the optical fiber of the education private network fails, the school network segment can access the relevant education network resources through the telecom exit, and when the telecom optical fiber fails, the school network segment can access the relevant resources through the private network exit.

1. Configure PC1

(The first time each device is started, press Ctrl+D before configuring it.)

```
[PC1] int g0/0
[PC1-GigabitEthernet0/0] ip add 192.168.2.100 255.255.255.0
[PC1-GigabitEthernet0/0] undo shutdown
[PC1-GigabitEthernet0/0] quit
[PC1] ip route-static 0.0.0.0 0.0.0.0 192.168.2.1    // configure the default gateway
```

2. Configure PC2

```
[PC2] int g0/0
[PC2-GigabitEthernet0/0] ip add 192.168.3.100 255.255.255.0
[PC2-GigabitEthernet0/0] undo shutdown
[PC2-GigabitEthernet0/0] quit
[PC2] ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
```

3. Configure the server

```
[server] int g0/0
[server-GigabitEthernet0/0] ip add 192.168.3.250 255.255.255.0
[server-GigabitEthernet0/0] undo shutdown
[server-GigabitEthernet0/0] quit
[server] ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
```

4. Configure SW1

```
[sw1] vlan 2
[sw1-vlan2] vlan 3                                   // create the VLANs
[sw1-vlan3] quit
[sw1] int vlan 1                                     // VLAN 1 is used later to communicate with R1
[sw1-Vlan-interface1] ip add 192.168.1.2 255.255.255.0
[sw1-Vlan-interface1] undo shutdown
[sw1-Vlan-interface1] int vlan 2
[sw1-Vlan-interface2] ip add 192.168.2.1 255.255.255.0
[sw1-Vlan-interface2] undo shutdown
[sw1-Vlan-interface2] int vlan 3
[sw1-Vlan-interface3] ip add 192.168.3.1 255.255.255.0
[sw1-Vlan-interface3] undo shutdown
[sw1-Vlan-interface3] int g1/0/6
[sw1-GigabitEthernet1/0/6] port access vlan 2
[sw1-GigabitEthernet1/0/6] int g1/0/7
[sw1-GigabitEthernet1/0/7] port access vlan 3
[sw1-GigabitEthernet1/0/7] int g1/0/8
[sw1-GigabitEthernet1/0/8] port access vlan 3        // add the interfaces to the corresponding VLANs
```

5. Configure R1

```
[R1] int g0/0
[R1-GigabitEthernet0/0] ip add 202.202.202.2 255.255.255.252
[R1-GigabitEthernet0/0] undo shutdown
[R1-GigabitEthernet0/0] int g0/1
[R1-GigabitEthernet0/1] ip add 200.200.200.2 29
[R1-GigabitEthernet0/1] undo shutdown
[R1-GigabitEthernet0/1] int g0/2
[R1-GigabitEthernet0/2] port link-mode bridge        // change the interface to bridge mode
[R1-GigabitEthernet0/2] int vlan 1
[R1-Vlan-interface1] ip add 192.168.1.1 24
[R1-Vlan-interface1] undo shutdown
```

6. Configure R2

```
[R2] int g0/0
[R2-GigabitEthernet0/0] ip add 202.202.202.1 30
[R2-GigabitEthernet0/0] undo shutdown
[R2-GigabitEthernet0/0] int g0/1
[R2-GigabitEthernet0/1] ip add 222.222.222.1 30
[R2-GigabitEthernet0/1] undo shutdown
[R2-GigabitEthernet0/1] int loop 0
[R2-LoopBack0] ip add 202.202.0.1 32
```

7. Configure R3

```
[R3] int g0/0
[R3-GigabitEthernet0/0] ip add 222.222.222.2 30
[R3-GigabitEthernet0/0] undo shutdown
[R3-GigabitEthernet0/0] int g0/1
[R3-GigabitEthernet0/1] ip add 200.200.200.1 29
[R3-GigabitEthernet0/1] undo shutdown
[R3-GigabitEthernet0/1] int g0/2
[R3-GigabitEthernet0/2] ip add 202.1.1.1 24
[R3-GigabitEthernet0/2] undo shutdown
```

8. Configure PC3

```
[pc3] int g0/0
[pc3-GigabitEthernet0/0] ip add 202.1.1.2 24
[pc3-GigabitEthernet0/0] undo shutdown
[pc3-GigabitEthernet0/0] quit
[pc3] ip route-static 0.0.0.0 0.0.0.0 202.1.1.1
```

9. Configure the default route on SW1

```
[sw1] ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
```

The default route points to the IP address of VLAN-interface 1 on R1.

10. Configure static routing and OSPF on R1

```
[R1] ip route-static 192.168.3.0 255.255.255.0 192.168.1.2
[R1] ip route-static 192.168.2.0 255.255.255.0 192.168.1.2
[R1] ospf 1
[R1-ospf-1] area 0
[R1-ospf-1-area-0.0.0.0] net 0.0.0.0 255.255.255.255
```

11. Configure OSPF on R2

```
[R2] ospf 1
[R2-ospf-1] area 0
[R2-ospf-1-area-0.0.0.0] net 0.0.0.0 255.255.255.255
```

12. Configure OSPF on R3

```
[R3] ospf 1
[R3-ospf-1] area 0
[R3-ospf-1-area-0.0.0.0] net 0.0.0.0 255.255.255.255
```

13. Configure NAT on R1

```
[R1] acl basic 2001                                  // basic ACL; the number range is 2000-2999
[R1-acl-ipv4-basic-2001] rule 0 permit source 192.168.2.0 0.0.0.255
[R1-acl-ipv4-basic-2001] rule 5 permit source 192.168.3.0 0.0.0.255
[R1-acl-ipv4-basic-2001] rule 10 deny
[R1-acl-ipv4-basic-2001] int g0/0
[R1-GigabitEthernet0/0] port link-mode route
[R1-GigabitEthernet0/0] description link_to_tel
[R1-GigabitEthernet0/0] nat outbound 2001
[R1-GigabitEthernet0/0] int g0/1
[R1-GigabitEthernet0/1] port link-mode route
[R1-GigabitEthernet0/1] description link_to_end
[R1-GigabitEthernet0/1] nat outbound 2001
```

14. Verify that PC1 can ping the loopback interface address on the R2 router

Verify that PC1 can ping PC3

15. View the NAT translation table on the R1 router

```
[R1] display nat session verbose
Slot 0:
Initiator:
  Source      IP/port: 192.168.2.100/44032     // source address is 192.168.2.100
  Destination IP/port: 202.202.0.1/2048        // destination address is 202.202.0.1
  DS-Lite tunnel peer: -
  VPN instance/VLAN ID/VLL ID: -/-/-
  Protocol: ICMP(1)
  Inbound interface: Vlan-interface1
Responder:
  Source      IP/port: 202.202.0.1/3           // return traffic from 202.202.0.1
  Destination IP/port: 202.202.202.2/0         // enters the private network through interface 202.202.202.2
  DS-Lite tunnel peer: -
  VPN instance/VLAN ID/VLL ID: -/-/-
  Protocol: ICMP(1)
  Inbound interface: GigabitEthernet0/0
State: ICMP_REPLY
Application: OTHER
Start time: 2019-10-29 07:48:16  TTL: 28s
Initiator->Responder:            0 packets          0 bytes
Responder->Initiator:            0 packets          0 bytes

Initiator:
  Source      IP/port: 192.168.2.100/43776     // source address is 192.168.2.100
  Destination IP/port: 202.1.1.2
  DS-Lite tunnel peer: -
  VPN instance/VLAN ID/VLL ID: -/-/-
  Protocol: ICMP(1)
  Inbound interface: Vlan-interface1
Responder:
  Source      IP/port: 202.1.1.2/3             // return traffic from 202.1.1.2
  Destination IP/port: 200.200.200.2/0         // enters the private network through interface 200.200.200.2
  DS-Lite tunnel peer: -
  VPN instance/VLAN ID/VLL ID: -/-/-
  Protocol: ICMP(1)
  Inbound interface: GigabitEthernet0/1
State: ICMP_REPLY
Application: OTHER
Start time: 2019-10-29 07:47:47  TTL: 0s
Initiator->Responder:            0 packets          0 bytes
Responder->Initiator:            0 packets          0 bytes

Total sessions found: 2
```

16. Configure policy routing on R1

```
[R1] acl advanced 3001                               // advanced ACL; the number range is 3000-3999
[R1-acl-ipv4-adv-3001] rule 0 permit ip source 192.168.3.0 0.0.0.255   // match traffic from the 192.168.3.0/24 network segment
[R1-acl-ipv4-adv-3001] quit
[R1] policy-based-route al permit node 10            // configure policy routing
[R1-pbr-al-10] if-match acl 3001
[R1-pbr-al-10] apply next-hop 200.200.200.1          // action: the next hop points to 200.200.200.1
[R1-pbr-al-10] quit
[R1] policy-based-route al permit node 20            // empty node, allowing other unmatched traffic
[R1-pbr-al-20] quit
[R1] int Vlan-interface1
[R1-Vlan-interface1] ip policy-based-route al        // apply policy routing under this interface
```

Policy routing is applied under this interface because the packets that need to be routed by policy are forwarded in through it.
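The forwarding decision that step 16 sets up on R1 can be modelled in a few lines; this is an added example, not part of the original article. The `reachable` set and the `routing_table_hop` argument are assumptions standing in for link state and for whatever the OSPF routing table would pick, and the model assumes an unusable policy next hop falls back to the routing table, which is what requirement (3) relies on.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Comware ACL match: bits set to 1 in the wildcard mask are ignored."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    care = ~w & 0xFFFFFFFF
    return (a & care) == (b & care)

# ACL 3001 from step 16: rule 0 permit ip source 192.168.3.0 0.0.0.255
ACL_3001 = [("permit", "192.168.3.0", "0.0.0.255")]

# Policy "al": node 10 matches ACL 3001 and sets a next hop; node 20 is empty.
POLICY_AL = [
    {"node": 10, "acl": ACL_3001, "next_hop": "200.200.200.1"},
    {"node": 20, "acl": None, "next_hop": None},
]

def acl_permits(acl, src):
    for action, base, wildcard in acl:       # first matching rule decides
        if wildcard_match(src, base, wildcard):
            return action == "permit"
    return False                             # no rule matched: node does not apply

def select_next_hop(src, routing_table_hop, reachable):
    """Return (next hop, reason) for a packet entering Vlan-interface1 on R1."""
    for node in POLICY_AL:
        if node["acl"] is not None and not acl_permits(node["acl"], src):
            continue                         # try the next node
        hop = node["next_hop"]
        if hop is not None and hop in reachable:
            return hop, f"node {node['node']}"
        break                                # matched, but nothing usable to apply
    return routing_table_hop, "routing table"

if __name__ == "__main__":
    both_up = {"200.200.200.1", "202.202.202.1"}
    for src in ("192.168.3.100", "192.168.2.100"):
        print(src, select_next_hop(src, "202.202.202.1", both_up))
    # Education-network link down: 192.168.3.0/24 falls back to the routing table.
    print(select_next_hop("192.168.3.100", "202.202.202.1", {"202.202.202.1"}))
```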

17. Test a ping from PC1 to PC3 and view the NAT translation table

```
[R1] display nat session verbose
```

18. Configure NAT server on R1

```
[R1] int g0/1
[R1-GigabitEthernet0/1] nat server protocol tcp global 200.200.200.2 23 inside 192.168.3.250 23
```

19. Enable Telnet on the server

```
[server] telnet server enable                        // enabled by default; you can omit this
[server] local-user admin                            // create a local user admin
New local user added.
[server-luser-manage-admin] password simple benet    // configure the plaintext password "benet"
[server-luser-manage-admin] service-type telnet      // specify the service type telnet
[server-luser-manage-admin] authorization-attribute user-role level-3   // specify command level 3
[server-luser-manage-admin] quit
[server] user-interface vty 0 4                      // enter the vty lines
[server-line-vty0-4] authentication-mode scheme      // configure the user authentication method
[server-line-vty0-4] protocol inbound telnet         // support telnet
[server-line-vty0-4] quit
```

20. Test the Telnet server from PC3

```
telnet 200.200.200.2
```
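Steps 10, 18 and 19 leave several settings a reviewer would want flagged before a lab like this is reused on a real network: Telnet published through NAT, a password typed in plaintext form, and OSPF enabled on every interface. The following is an added example, not part of the original article, that audits a command script for those lines; the sample text is constructed by concatenating commands from R1 and the server, and the check names are hypothetical.

```python
import re

# Constructed sample: commands taken from steps 10, 18 and 19 of this page.
SAMPLE_CONFIG = """\
ospf 1
 area 0
  network 0.0.0.0 255.255.255.255
interface GigabitEthernet0/1
 nat outbound 2001
 nat server protocol tcp global 200.200.200.2 23 inside 192.168.3.250 23
telnet server enable
local-user admin
 password simple benet
 service-type telnet
 authorization-attribute user-role level-3
user-interface vty 0 4
 authentication-mode scheme
 protocol inbound telnet
"""

# (check id, pattern on a stripped line, reason); ids are names chosen for this example.
CHECKS = [
    ("telnet-enabled", r"^telnet server enable$",
     "Telnet carries credentials and sessions in cleartext"),
    ("plaintext-password", r"^password simple \S+",
     "password is written in plaintext form in the script"),
    ("telnet-published", r"^nat server protocol tcp global \S+ 23 inside \S+ 23$",
     "internal Telnet port is published through NAT"),
    ("ospf-all-interfaces", r"^network 0\.0\.0\.0 255\.255\.255\.255$",
     "OSPF is enabled on every interface, including the external links"),
    ("vty-telnet", r"^protocol inbound telnet$", "VTY lines accept Telnet"),
]

def audit(config_text):
    """Return (line number, check id, reason) for every risky line found."""
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), start=1):
        line = raw.strip()
        for check_id, pattern, why in CHECKS:
            if re.search(pattern, line):
                findings.append((lineno, check_id, why))
    return findings

def redact(config_text):
    """Mask plaintext passwords before a script is shared or archived."""
    return re.sub(r"(password simple )\S+", r"\1<redacted>", config_text)

if __name__ == "__main__":
    for lineno, check_id, why in audit(SAMPLE_CONFIG):
        print(f"line {lineno}: {check_id}: {why}")
```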
